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REGARDING SPYWARE 


WEDNESDAY, OCTOBER 5, 2005 

U.S. Senate, 

Subcommittee on Trade, Tourism, and Economic 

Development, 

Committee on Commerce, Science, and Transportation, 

Washington, DC. 

The Subcommittee met, pursuant to notice, at 2:35 p.m. in room 
SD-562, Dirksen Senate Office Building, Hon. Gordon H. Smith, 
Chairman of the Subcommittee, presiding. 

OPENING STATEMENT OF HON. GORDON H. SMITH, 

U.S. SENATOR FROM OREGON 

Senator Smith. I want to thank my colleagues for being here, I 
know they share with me a deep interest and concern about the 
matter of spyware. I want to thank Chairman Majoras for rear- 
ranging her schedule to be here today. 

As Chairman of the Subcommittee on Trade, Tourism, and Eco- 
nomic Development, which has primary jurisdiction over the Fed- 
eral Trade Commission and online-privacy issues, I have a deep in- 
terest as colleagues do in spyware and have continually worked on 
these issues to ensure protection of consumers and businesses. 

The FTC also has a responsibility to protect American consumers 
from all types of fraud and deception, including spyware. 

According to a recent survey by the National Cyber Security Alli- 
ance, 93 percent of people feel that spyware is a serious problem, 
and 61 percent believe that Congress should be doing more to com- 
bat the problem. Consumers have now downloaded free versions of 
the two most widely used anti-spyware programs over 45 million 
times. 

Although spyware has been used for many deceitful purposes, in- 
cluding theft of personal information, the technology behind it is 
being used also toward legitimate ends as well. I strongly believe 
that a total ban of an entire category of technology or product can 
have many unintended and serious consequences. If the definition 
of spyware becomes too broad, legislation adopted in haste might 
not take into account the evolution of future technologies, and in 
turn, it could stifle innovation. 

I believe we must limit the abusive and deceitful practices which 
are allowing industry the ability to build on and improve existing 
technologies. To that end, I introduced the U.S. SAFE WEB Act to 
expand the Federal Trade Commission’s current authority to en- 
force existing laws and allow the agency to coordinate with foreign 
law enforcement officials to prosecute deceptive online activities. I 

(l) 
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have also co-sponsored legislation with Senator Allen to increase 
the FTC’s current authority to enforce existing laws to prevent de- 
ceitful acts of spyware. 

We need to give the FTC the necessary tools to go after the indi- 
viduals who are already violating current Federal law. We need to 
address the most egregious activities and behaviors online without 
placing unnecessary restrictions on the entire technology industry. 

Americans must be proactive in keeping our high-tech industry 
on the cutting edge in the world market. I believe that an appro- 
priate balance can be found between limiting the illegitimate use 
of existing technologies and allowing for technology industry to 
grow, expand, and innovate. 

As we continue to address this issue, I look forward to working 
with all of my colleagues to confront this growing problem appro- 
priately and in a timely manner. 

With that I’ll go to Senator Nelson. 

STATEMENT OF HON. BILL NELSON, 

U.S. SENATOR FROM FLORIDA 

Senator Nelson. I’ll go to praising you Senator Burns, because 
you and I have sponsored the bill to address spyware problems. 

Senator Burns. That’s right. 

Senator Nelson. Everything that Senator Smith has said is ac- 
curate. Spyware invades our privacy, leads to identity theft, ex- 
poses children to pornography, aids corporate espionage, threatens 
E-Commerce, and it clearly has national security implications. And 
technology and the private marketplace haven’t found a solution to 
stop spyware, so we now need a tough Federal law Mr. Chairman, 
that clearly defines illegal conduct and gives the government more 
tools to go after the spyware companies. 

And so Senator Burns and I are sponsoring this bill called the 
Spy Block Act, along with Senators Wyden, Snowe and Boxer. And 
last year we reported this bill out of the Committee on a unani- 
mous vote. And it has one simple principle, empower consumers to 
decide for themselves what software is installed on their com- 
puters. Now Senator Allen and others have introduced another 
spyware bill, I think that one is a little narrow in scope but it has 
some very strong components. So what I want to do is, all of us 
to work together to merge the two approaches and get a spyware 
bill marked up, so we can get it moving. 

The House has already passed two such bills, but it continues to 
wait on the Senate to act. 

Thank you Mr. Chairman. 

Senator Smith. Thank you Senator Nelson, and I do look forward 
to working with you on this. I think we both share the belief that 
this is a security issue that is beyond just our individual victimiza- 
tion of spies and those who would invade our homes, but it also has 
national security implications. We simply have to work on how 
broad it is, so that we don’t stifle the future, but that we protect 
people presently in our country as well. 

Senator Burns. 
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STATEMENT OF HON. CONRAD BURNS, 

U.S. SENATOR FROM MONTANA 

Senator Burns. Thank you very much. And thank you Mr. 
Chairman, for taking the leadership on this hearing today. We had 
a hearing before, and with most of that hearing was with the folks 
in the industry and consumer groups. Today I think we’ll get a 
chance to hear from the Federal Trade Commission, which is — and 
will continue to have, an important role in anti-spyware enforce- 
ment actions. So the two hearings are complementary in that re- 
spect, and will help us learn more about the problem of spyware. 

Also just a note, our technologies continue to grow, and the use 
of those technologies goes into many fields, especially in the area 
of electronic information and communications, with Voice over IP 
prominent now in the marketplace, national emergency numbers of 
911 and how we apply those and protect those and the safety of 
911 in emergency conditions are challenges that continue to grow 
for safety and security. And we must never lose sight of that. So 
we will continue to have problems in those areas. 

Spyware, as you know, is an increasingly dangerous threat to our 
everyday activities in cyberspace. As was the case with spam sev- 
eral years ago, I believe the solution lies in the right mix of tech- 
nical solutions and tougher legislation. Both will be necessary to 
make a meaningful dent in the quantity and the types of malicious 
code that gets downloaded into the private computers of businesses 
and citizens without their consent. 

We also have to be careful not to throw out the baby with the 
bathwater, by making many ordinary and positive types of online 
business practices illegal. The area of adware in particular is an 
important gray area to keep an eye on: how exactly online adver- 
tisements are served up to users, and what kind of consent is most 
appropriate. Most adware models are good for cyberspace, because 
it is important to have a robust and responsive advertising compo- 
nent for online businesses, but when it comes to installing software 
on private computers, we have to make sure we don’t allow some 
of the more unscrupulous players out there to spoil the field for all 
the good actors that are just trying to make cyberspace more effi- 
cient. 

So I thank the Chairman of the FTC for coming up today, and 
I look forward to how she responds to questions, and the informa- 
tion she can share with us, and again to Senator Smith for setting 
up today’s hearing, because I think it’s very appropriate, and it is 
something that we have to get these bills moving and we need 
something passed and on the President’s desk before Christmas- 
time. 

Senator Smith. Thank you Senator Burns. 

Senator Allen. 

STATEMENT OF HON. GEORGE ALLEN, 

U.S. SENATOR FROM VIRGINIA 

Senator Allen. Thank you Mr. Chairman, I especially want to 
thank you for calling today’s hearing, and I thank Chairman 
Majoras for being with us today. 

And I enjoyed listening to my colleagues, and maybe there will 
be a way that we can work together on this issue. Because the 
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spyware issue is one of great importance. Just to set the param- 
eters here of what kind of a problem we have — according to the 
Pew Internet and American Life Project study in July of this year, 
in 2005 approximately 59 million American adults, nearly half of 
the Internet users, 43 percent say they have had spyware on their 
home computer. 

It’s irritating. It is a dangerous approach which is negatively im- 
pacting consumers confidence and harming the Internet as a viable 
mode, or medium for communications and also electronic com- 
merce. And none of us here want to allow this to continue. 

All of us can agree that under no circumstance is it acceptable 
to deceptively monitor a consumer’s activities online. Unfortunately 
we do not all agree on how best to deal with this problem legisla- 
tively. Now in examining this offensive spyware issue, which 
causes so much aggravation and degrades computer performance, 
we need to encourage to the greatest extent possible, market driven 
technologies solutions, as well as strengthen the enforcement of ex- 
isting laws. In my view, every legitimate business associated with 
the Internet has a very important interest in eliminating spyware. 

A recent Federal Trade Commission report suggested that the 
rapid technology advancements, and this is consistent with your 
comments, Mr. Chairman, that there are a lot of advances in tech- 
nologies to combat spyware such as firewalls, filters, anti-spyware 
tools and improved Internet browsers and operating systems are all 
the time providing easy and more affordable protections to con- 
sumers, whether at their homes or at their place of business. 

I think that the Internet’s viability is being challenged by this 
deceptive spyware though, and because of these fraudulent and de- 
ceptive installations of spyware programs being a concern, it is not 
a concern though whether this is legal or not; this already is illegal 
under Federal law, it’s a violation of Federal law. Such as the Fed- 
eral Trade Commission Act, and the Computer Fraud and Abuse 
Act. 

So I think Congress needs to focus its efforts on adequate re- 
sources and penalties to combat this criminal activity. I’ve deter- 
mined that Federal officials, and we’ll hear from the Chairman, be- 
lieve that they already have adequate authority under existing 
statutes to prosecute spyware purveyors. Law enforcement is not 
stymied by the lack of Federal jurisdiction but rather a lack of 
overall resources. That’s why my legislation, S. 1004 with the sup- 
port of you Mr. Chairman, Senators Smith, Sununu, Ensign, and 
Enzi, provides Federal law enforcement officials with the resources 
and the tool necessary to increase the breadth and the strength of 
anti-spyware enforcement efforts. 

Our legislation strikes a careful balance that you talked about 
Mr. Chairman, between pursuing illegal wrongful behavior while 
not stifling or limiting technology, innovation or legitimate online 
transactions. 

Specifically, since spyware violators are not limited to state or 
national borders to perpetrate their illegal activity, our legislation 
sets a national standard. It doesn’t matter what state you’re in, or 
territory of the United States. There ought to be that national 
standard for the unfair and deceptive practices associated with 
spyware. Additionally, our legislation provides the FTC with the 
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authority to share and coordinate information with foreign law en- 
forcement officials to improve their ability to bring cases and pros- 
ecute international spyware purveyors, your separate bill, Mr. 
Chairman, this is just a component of our bill, but yours covers it 
as well. 

But lastly, our legislation addresses the most egregious activities 
and wrongful behavior conducted via spyware, by significantly in- 
creasing civil and criminal penalties including disgorgement. We 
need to ensure that law enforcement officials can get after the ille- 
gal gains of these criminals. You can fine them, but if they have 
any assets that are traceable to this illegal activity it is an enter- 
prise on their part, and they’re selling this information. And we 
ought to get after those ill gotten gains. I don’t care what it is, 
bank accounts, yachts, art objects, whatever they’ve bought, we 
need to get after these enterprises as well as the criminal and civil 
fines. 

I believe again, that we need to find some market driven solu- 
tions, technology solutions that will ultimately solve this problem. 
I want to help the FTC have the resources they need to get after 
this criminal and illegal behavior, and I look forward Mr. Chair- 
man to hearing from the Chairman of the FTC, but most impor- 
tantly if there is a way, and I’m not sure there is, there are some 
just fundamental differences, but we need to act. 

The Senate a lot of the times is the last to act, but I think there’s 
enough will here that I hope working with my good friend Senator 
Burns that we can hopefully find a common ground to have the 
Federal Government help the FTC do its job, set a national stand- 
ard and get you the resources to get after this illegal behavior. 

And I thank you again Mr. Chairman. 

Senator Smith. Thank you very much Senator Allen. Madam 
Chairman, the mike is yours, we look forward to your testimony. 

STATEMENT OF HON. DEBORAH P. MAJORAS, CHAIRMAN, 
FEDERAL TRADE COMMISSION 

Ms. Majoras. Thank you very much Mr. Chairman, and Mem- 
bers of the Subcommittee, and good afternoon. 

The Federal Trade Commission appreciates this opportunity to 
provide the Commission’s views on the serious problems that 
spyware is causing to consumers and the steps that the FTC has 
taken to address the problem. 

Although the views expressed in the written testimony present 
the views expressed of the Commission, my oral presentation and 
responses to questions are my own, and may not necessarily rep- 
resent the views of the Commission. 

As the Subcommittee is aware, the Commission has a broad 
mandate to prohibit unfair competition, and unfair or deceptive 
practices in the marketplace. We have actively used this authority 
to address consumer problems on the Internet, including Internet 
fraud, privacy, spam and spyware. 

The term spyware can be difficult to define. It is ordinarily 
thought of as including programs such as keyloggers, that can copy 
information from consumers’ computers, as well as some types of 
adware, software that monitors computers’ surfing habits and then 
serves up pop-up advertisements. 
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At the FTC, our focus is on spyware and other malware that is 
downloaded without authorization, and causes consumers harm. 
The consumer harm from spyware can range from the capture of 
sensitive personal information to degradation of computer perform- 
ance, to the nuisance and distraction of popup ads. 

To address spyware, we implemented an active program, com- 
bining law enforcement and consumer education supplemented by 
our research. Much of the harmful conduct associated with spyware 
is already illegal. Indeed the FTC has brought several cases, and 
today is announcing it has filed another action, FTC versus Odys- 
seus Marketing. In this case, we filed a complaint in Federal Dis- 
trict Court in New Hampshire against Odysseus Marketing and its 
principal, Walter Rines, charging them with secretly installing 
spyware on consumers’ computers. 

Our complaint alleges that the defendants deceptively market 
and distribute a bogus program called Kazanon, which defendants 
claim will make users anonymous when using peer-to-peer file- 
sharing programs. 

Not only does Kazanon not work as promised, which itself a vio- 
lation of the FTC Act, but it also automatically installs a spyware 
program called Clientman on the users’ computer. Clientman in 
turn automatically installs numerous adware and other programs 
on behalf of others. And this spyware, among other things, replaces 
or reformats Internet search engine results, generates pop-up ads, 
and captures and transmits information which may include per- 
sonal information. 

Our complaint alleges that defendants have failed to disclose 
adequately that downloading Kazanon will install this spyware. In 
fact, the only place that Clientman’s virtual takeover of the host 
computer is disclosed is in the end user license agreement, or as 
we call it the EULA. 

Consumers, however, do not need to view the EULA in order to 
download Kazanon, and even if they did they would have to wade 
through five paragraphs of dense text before they reached informa- 
tion even approaching the disclosure. 

We further allege that once Clientman is installed, consumers 
cannot remove Kazanon and Clientman from their computers 
through reasonable means. Programs do not appear on the desktop 
or in the start menu, and because they avoid being detected by the 
Microsoft Windows operating system, consumers cannot use 
Microsoft’s default uninstall utilities to remove them. 

And defendants claim to provide an uninstall tool, but it doesn’t 
work. In fact, we allege in the complaint that if you activate de- 
fendants’ uninstall tool, typically that will result in having addi- 
tional files being added to your computer. 

Now as we bring each spyware case, we learn more about the 
technology and tricks in the industry and we increase our ability 
to bring future cases. We’ve made spyware investigations and pros- 
ecutions an enforcement priority and we will file more law enforce- 
ment actions. There’s no question however that attacking spyware 
is challenging. 

Given its surreptitious nature, it is often difficult to ascertain 
from whom, from where, and how spyware is disseminated. Many 
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who distribute spyware are adept at hiding, covering their tracks, 
and evading responsibility. 

Further, consumer complaints about spyware are less likely to 
lead us directly to law enforcement targets than some other com- 
plaints. Consumers often do not know from where the spyware has 
come, or even that it was spyware that caused the problems to 
their computers in the first place. 

There are five additional points that the Commission believes are 
important to our continuing efforts to combat the dissemination of 
spyware. 

First, many spyware distributors and other Internet scam artists 
are located abroad, or mask their location by using foreign inter- 
mediaries to peddle their scams. A majority of spyware programs 
distributed to the United States consumers come from foreign dis- 
tributors. In the FTC’s investigations, staff finds that regardless of 
where the spyware distributors are physically located they are 
often using foreign Internet service providers, or web hosting com- 
panies, or domain registrars, which makes it difficult to crack down 
on who’s ultimately responsible. 

Our ability to pursue distributors of spyware, and spam and 
other Internet threats would be significantly improved if Congress 
were pass the U.S. SAFE WEB Act. And Chairman Smith, we 
thank you for introducing S. 1608 which would give us that needed 
authority. 

Second, coordinated effort at the Federal and State level is essen- 
tial. The Commission is continuing to cooperate with Federal and 
state partners, which now are bringing law enforcement actions 
against spyware distributors. At the Federal level, the Department 
of Justice is able to prosecute criminally those who distribute 
spyware in certain circumstances. And at the State level, state at- 
torneys general are bringing civil law enforcement actions and both 
are critical complements to the FTC’s actions. 

Third, an educated consumer is perhaps the best defense against 
online fraud and spyware. Over the last few months the FTC has 
taken a broader look at its educational materials and tactics re- 
lated to cyber security, online privacy, and Internet fraud, and 
we’ve updated our messages and outreach strategies to better edu- 
cate consumers about these important issues. 

Just last week the Commission launched a new consumer ed ini- 
tiative, OnGuard Online. It has general information on online safe- 
ty, as well as sections with specific information on a range of top- 
ics, including spyware, and with the Chairman’s indulgence in a 
few moments we’ll give you a quick demonstration of this new 
website. 

Fourth, the Commission believes that legislation granting the 
Commission authority to seek civil penalties against spyware dis- 
tributors would be useful in deterring the dissemination of 
spyware. The Commission has the authority, as Senator Allen re- 
ferred, to file actions against those engaged in conduct in Federal 
Court, and we have the authority to obtain injunctive relief, includ- 
ing monetary relief in the form of consumer redress, or 
disgorgement of ill gotten profits. 

But in some instances it may be difficult for us to prove the sort 
of financial harm that we would need to in order to get that sort 
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of redress. A civil penalty is often then the most appropriate rem- 
edy in those cases, and we believe it could serve as a strong deter- 
rent as well. 

And finally, as with any technology problem, the most com- 
prehensive response may have to come from new technology. Tech- 
nology is what got us here, and technology should be able to bring 
us out eventually. As in other areas like spam and data security, 
it is essential that industry continue to develop technology to assist 
their own customers in combating the threats of spyware and other 
malware. 

We know that ISPs and other industry members are developing 
responses to consumer concerns about spyware and we also are ap- 
preciative that they have provided the Commission with important 
assistance in our investigations. 

In conclusion, Mr. Chairman, I assure you that the FTC will con- 
tinue to aggressively attack spyware with law enforcement actions 
and with innovative consumer education. And we look forward to 
working with the Committee on the problem of spyware. 

Now I look forward to answering any questions you have, but be- 
fore we begin, if it’s still all right with you, Mr. Chairman, I’d like 
to ask Nat Wood, who’s our Assistant Director for Consumer and 
Business Education, to just give you a brief demonstration of our 
new OnGuardOnline.gov website, particularly as it relates to 
spyware. 

All right. What you’re seeing before you is the result of team 
work. The FTC, a number of other Federal agencies, and the tech- 
nology community have teamed up to create OnGuardOnline.gov, 
which is a new site to help computer users guard against Internet 
fraud, secure their computers and protect their personal informa- 
tion. We’re encouraging companies and other organizations to help 
fight spyware, spam, identity theft and the like, by sharing the tips 
on this website with their employees, their customers, members 
and constituents. 

Interestingly, this website is branded independently of the FTC. 
We are not making it FTC materials, because we want any organi- 
zation with an interest, whether it’s government, business, con- 
sumer groups, whatever, to take this, make it their own and dis- 
tribute it widely across our country. Indeed, we now have a lot of 
interest that’s coming from other organizations around the world 
who would like to be able to use these materials. 

So just quickly looking at the home page, probably the most im- 
portant part of this is the seven practices for safer computing. 
These are practices that we want consumers to be using regardless 
of what they’re doing online. These are general tips. The site also 
contains a link on which consumers can click if they want to re- 
ceive free e-mail alerts from the Department of Homeland Security 
on various threats to the online world. 

Then we have the “Learn About” section, in which consumers can 
click on various modules to learn about different threats and the 
like, so there you see we clicked on identity theft, there’s one on 
phishing, we’ve done this in a flexible way, so that as new threats 
develop we can add them to the website. And then we have an 
“About Us” page, which if you click on that gives you, gives the 
consumer, a description of all of the various Federal agencies and 
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other organizations that they can turn to for help with respect to 
their online problems. So going back to the modules, we’ll just turn 
quickly to the spyware section, and what you can see if you click 
on this section, is first and foremost you get a quick tips section, 
which tells consumers very quickly what they should do, then 
below that we have a much longer article, so that if consumers 
want to read further about spyware, its dangers and what they can 
do about it, they have that there. 

We have a place for links and resources so that they can link to 
additional anti-spyware resources, including if they want to learn 
about what anti-spyware tools are available. And then we have a 
section that tells the consumer where to report spyware problems 
and, not surprisingly, the FTC is listed there. Then because we 
know and experts have told us, and we did a lot of consumer test- 
ing, and the like, we know the folks who spend a lot of time online 
like to be interactive online, so if they think they’re experts we 
have a quiz. 

So you click on this to begin the quiz. You get a little bit of infor- 
mation about spyware and then the quiz goes on to ask various 
questions to educate the consumers. So this one says a pop-up ad 
appears on your computer screen offering an anti-spyware product, 
“what’s your best course of action?” And then gives various an- 
swers, I would click on “C” which says “close the window if you 
want spyware protection software, get it from a provider you know 
and trust.” And that would be — I would then hear, “Excellent 
choice. The scammers will have to get up pretty early in the morn- 
ing to pull one over on you,” and the quiz goes on. And obviously 
if you get the answer wrong we explain why, in fact that would be 
wrong, and give the better course. 

So this is — we will have quizzes on all of the modules very soon, 
and I’m also pleased to report that this is also available in Spanish. 

So thank you very much Mr. Chairman. 

[The prepared statement of Ms. Majoras follows:] 

Prepared Statement of Hon. Deborah P. Majoras, Chairman, 

Federal Trade Commission 


I. Introduction 

Mr. Chairman and Members of the Committee, the Federal Trade Commission 
(“Commission” or “FTC”) appreciates this opportunity to provide the Commission’s 
views on “spyware.” 1 Spyware is a serious and growing problem that is causing sub- 
stantial harm to consumers and to the Internet as a medium of communication and 
commerce. Preventing spyware that causes such harms is a priority for the Commis- 
sion. We welcome this chance to describe what the FTC is doing to try to protect 
consumers from these harms. 

The Commission has a broad mandate to prevent unfair competition and unfair 
or deceptive acts or practices in the marketplace. Section 5 of the Federal Trade 
Commission Act gives the agency the authority to challenge acts and practices in 
or affecting commerce that are unfair or deceptive. 2 The FTC’s law enforcement ac- 
tivities against unfair or deceptive acts and practices are generally designed to pro- 
mote informed consumer choice, because an informed consumer is an empowered 
consumer. 

Spyware and other “malware” that is downloaded without authorization can cause 
a range of problems for computer users, from nuisance adware that delivers pop- 


1 The written statement presents the views of the Federal Trade Commission. Oral statements 
and responses to questions reflect the views of the speaker and do not necessarily reflect the 
views of the Commission or any other Commissioner. 

2 15 U.S.C. §45. 



10 


up ads, to software that causes sluggish computer performance, to keystroke loggers 
that capture sensitive information. As described below, the Commission has an ac- 
tive program to address concerns about spyware and other malware, including re- 
search, law enforcement and consumer education. In the past year, the Commission 
has initiated five law enforcement actions addressing spyware and malware, and 
has ongoing investigations. Moreover, as in other areas such as spam and data secu- 
rity, we believe that it is essential that industry continue to develop technology to 
assist its customers in combatting spyware. 

II. Spyware Law Enforcement 

One of the FTC’s first steps in responding to the spyware problem was to educate 
ourselves in order to develop, implement, and advocate effective policies to respond 
to it. In 2004, the FTC sponsored a public workshop entitled “Monitoring Software 
on Your PC: Spyware, Adware, and Other Software.” The agency received almost 
800 comments in connection with the workshop, and 34 representatives from the 
computer and software industries, trade associations, consumer advocacy groups 
and various governmental entities participated as panelists. In March 2005, the 
FTC released a staff report based on the information received in connection with 
the workshop. 3 Notwithstanding significant challenges in defining “spyware,” 4 5 6 the 
staff report recommended that the government should: (1) increase, using existing 
laws, criminal and civil prosecution of those who distribute spyware; and (2) in- 
crease efforts to educate consumers about the risks of spyware. The Commission is 
pleased to be able to describe today what we are doing to implement these rec- 
ommendations. 

The Commission’s spyware law enforcement strategy focuses on three key ques- 
tions. First, were consumers aware of the installation of the software on their com- 
puters? Second, what harm did the installation of the software cause? Third, how 
difficult was it for consumers to uninstall the software after it had been installed? 

A. Did Consumers Know ? 

A common problem with spyware is that it is installed on consumers’ computers 
without their knowledge. Some spyware distributors use so-called “drive-by” 
downloads to install their software on computers without even any pretense of ob- 
taining consent. In FTC v. Seismic Entertainment, 5 for example, the Commission al- 
leged that the defendants exploited a known vulnerability in the Internet Explorer 
web browser to download spyware to users’ computers without their knowledge. The 
FTC alleged that this was an unfair act or practice in violation of Section 5 of the 
FTC Act, and a Federal district court entered a preliminary injunction that prohib- 
ited the defendants from using this method to distribute their software. 

In other instances, software distributors may violate Section 5 of the FTC Act by 
failing to disclose clearly and conspicuously to consumers the software that is being 
installed. In FTC v. Odysseus Marketing, Inc., 6 the defendants offered consumers 
a free software program that purported to make the consumers anonymous when 
using peer-to-peer file sharing programs. The Commission alleged, however, the dis- 
tributors failed to disclose to consumers that this program, in turn, would install 
other, harmful software on their computers. The Commission recently filed a com- 
plaint in Federal court alleging that this failure to disclose was deceptive in viola- 
tion of Section 5 of the FTC Act, and we are awaiting a ruling on our motion for 
a temporary restraining order. Similarly, in the Advertising.com, Inc. case, 7 the re- 
spondents allegedly offered free security software, but failed to clearly and conspicu- 


3 The workshop agenda, transcript, panelist presentations, and public comments received by 
the Commission are available at http://www.ftc.gov/bcp/workshops/spyware/index.htm. The 
FTC Staff Report, Monitoring Software on Your PC: Spyware, Adware, and Other Software, re- 
leased Mar. 2005, is available at http: // www.ftc.gov l os / 2005 / 03 / 050307spywarerpt.pdf 

4 At the FTC workshop, there was “broad agreement that spyware should be defined to include 
software installed without adequate consent from the user,” yet there remained “substantial dif- 
ferences of opinion as to what distributors must do to obtain such consent.” See FTC Staff Re- 
port, supra note 3, at 4-5. In addition, there was agreement that “to avoid inadvertently includ- 
ing software that is benign or beneficial, the term spyware should be limited to software that 
causes some harm to consumers,” although there were “substantial differences of opinion as to 
when software has caused the type and magnitude of harm to warrant being treated as 
spyware.” Id. The FTC staff therefore concluded that "these fundamental issues of consent and 
harm need to be resolved before any common definition of spyware can be developed.” Id. at 
5. 

5 FTC v. Seismic Entertainment, Inc., No. 04-377-JD, 2004 U.S. Dist. LEXIS 22788 (D.N.H. 
Oct. 21, 2004). 

6 FTC v. Odysseus Marketing, Inc., No. 05-CV-330 (D.N.H. filed Sept. 21, 2005). 

7 In the Matter of Advertising.com, FTC File No. 042 3196 (filed Sept. 12, 2005), available at 
http: / j www.ftc.gov / os / caselist / 0423 196/ 0423 196.htm. 
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ously disclose to consumers that bundled with it was software that traced con- 
sumers’ Internet browsing and force-fed them pop-up advertising. The Commission 
recently issued a final consent order to resolve administrative complaint allegations 
that this failure to disclose was deceptive in violation of Section 5 of the FTC Act. 

The Commission’s spyware law enforcement actions reaffirm the principle that 
consumers have the right to decide whether to install new software on their com- 
puters. Acts and practices that undermine their ability to make this choice will be 
vigorously prosecuted. 

B. Substantial Harm to Consumers 

As the Agency learned at the workshop, and through our enforcement actions and 
subsequent investigations, spyware can cause a broad range of injury to consumers. 
The harm from spyware may vary significantly in both type and severity. 

The allegations in the Seismic case describe a prime example of software causing 
several types of serious harm to consumers. The software allegedly changed the con- 
sumer’s browser home page and default search engine, displayed an incessant 
stream of pop-up ads, and caused the user’s computer to malfunction, slow down, 
or crash. But perhaps the most serious harm alleged was that the spyware secretly 
installed a number of additional software programs, including programs that could 
monitor Internet activity and capture personal information entered into online 
forms. 

Another example of serious harm to consumers allegedly caused by spyware arose 
in the Odysseus case. According to the Commission’s complaint, the defendants sur- 
reptitiously install a spyware program called “Clientman " on the computers of con- 
sumers. Clientman, in turn, installs a number of adware and other programs. It also 
replaces or reformats Internet search engine results, generates pop-up ads, and cap- 
tures and transmits information, which may include personal information. 

In the Advertising.com case, the Commission alleged that software bundled with 
free security software collected information about consumers, including the websites 
they visited, and then was used to send a substantial number of pop-up ads. Al- 
though the harm to an individual consumer from receiving such pop-ups ads may 
be less egregious than the harm in other FTC spyware cases to date, the harm to 
consumers in the aggregate from these pop-up ads was sufficient to warrant law en- 
forcement action. The Commission alleged a violation of Section 5 of the FTC Act 
because the presence of bundled adware that collected information about consumers’ 
computer use and led to numerous pop-up ads clearly would have been material to 
consumers in determining whether to install the free security software. 

As stated in the FTC staff spyware report, it is the combination of lack of knowl- 
edge and consumer harm that makes certain installation of software illegal under 
the FTC Act. 8 9 

C. Uninstalling and Deleting Spyware Problems 

As described above, spyware often is installed without consumers’ knowledge and 
causes consumers substantial harm. This type of installation should not occur, but 
once it has, consumers should be able to uninstall or disable such software. Unfortu- 
nately, the FTC’s law enforcement experience and research shows that some soft- 
ware distributors take improper advantage of consumers’ concerns about spyware 
and market bogus anti-spyware tools. In addition, in the FTC’s experience, some 
spyware programs are difficult to identify and uninstall or disable. 

Many consumers who want to determine whether there is spyware on their per- 
sonal computers acquire and run an anti-spyware program. An anti-spyware pro- 
gram usually identifies each software program that it concludes is spyware and then 
gives the consumer the option of deleting it. Some software distributors, however, 
take advantage of consumers looking for anti-spyware products by falsely rep- 
resenting to consumers that spyware resides on their computers and making false 
claims about the ability of their products to remove spyware. In two recent cases, 
FTC v. MaxTlieater and FTC v. Trustsoft, 9 the FTC alleged that the defendants 
made false claims to consumers about the existence of spyware on their machines. 
According to the FTC’s complaint, the defendants then used these false claims to 
convince consumers to conduct free “scans” of their computers. These scans identi- 
fied innocuous software as spyware, helping to persuade consumers to purchase de- 
fendants’ spyware removal products at a cost of between $30 and $40. Moreover, the 
FTC alleged, the defendants claimed their spyware removal products could effec- 


8 See generally, FTC Staff Report, supra note 3, at 20-21. 

9 FTC v. MaxTheater, Inc., No. 05— CV— 0069 (E.D. Wa. filed Mar. 7, 2005), available at http:/ 
Iwww.ftc.gov/opa/2005l03/maxtheater.htm', FTC v. Trustsoft, Inc., No. H-05— 1905 (S.D.Tex. 
filed May 31, 2005), available at http:! / www.ftc.gov / opa / 2005 / 06 / trustsoft.htm. 
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tively uninstall many different types of known spyware programs, but the defend- 
ants’ products did not perform as promised. The Commission filed actions alleging 
that the perpetrators of these scams violated Section 5 of the FTC Act, and the 
courts have entered preliminary injunctions in both cases that prohibit the claims. 

Software falsely billed as an anti-spyware product certainly can make it difficult 
for consumers to identify and uninstall or disable spyware programs. Furthermore, 
even if consumers can identify spyware programs, some of them are particularly dif- 
ficult to remove or disable. In the Odysseus case, the complaint alleged that con- 
sumers could not uninstall the software through any reasonable means, such as by 
using the standard “Add/Remove” program on the Microsoft Windows operating sys- 
tem. According to the Commission’s complaint, although the defendants purport to 
provide instructions for uninstalling the program, those instructions are not only ex- 
tremely difficult for consumers to find, they simply do not work. The complaint al- 
leged that the defendants’ failure to provide users with a reasonable means to locate 
and remove the program is an unfair act or practice in violation of Section 5 of the 
FTC Act. 

The FTC’s law enforcement actions under Section 5 of the FTC Act have focused 
on preserving consumers’ ability to decide what software programs to install and re- 
tain on their computers, and preventing substantial harm from software programs 
installed or remaining against the consumers’ wishes. 

III. Additional Steps to Address Spyware 

Given the prevalence of spyware and the consumer harm it inflicts, the FTC has 
made spyware investigations and prosecutions an enforcement priority, and we will 
continue to file law enforcement actions against those who distribute spyware in vio- 
lation of the FTC Act. The Commission would like to emphasize four additional 
measures that it believes would enhance its efforts to combat the dissemination of 
spyware. 

First, the FTC supports legislation that would enhance its ability to investigate 
and prosecute spyware distributors that are located abroad or who try to mask their 
location by using foreign intermediaries to peddle their scams. Webroot, a well- 
known anti-spyware product distributor, recently reported that a majority of 
spyware programs distributed to United States consumers come from foreign dis- 
tributors. 10 In the FTC’s investigations, staff finds that, regardless of where 
spyware distributors are physically located, they often use foreign Internet service 
providers, web hosting companies, and domain registrars to create their websites, 
so that it is difficult for the agency to track down who is ultimately responsible. 

The FTC’s ability to pursue distributors of spyware, spam, and other Internet 
threats to consumers would be significantly improved if the Congress were to pass 
the U.S. SAFE WEB Act, introduced by Chairman Smith in the Senate as S. 1608. 
The Act makes it easier for the FTC to share information and otherwise cooperate 
with foreign law enforcement officials. The Internet knows no boundaries, and it is 
critical to improve the FTC’s ability to work with the officials of other countries to 
prevent online conduct that undermines consumer confidence in the Internet as a 
medium of communication and commerce. 

Second, the Commission will continue to coordinate with its Federal and state 
partners who are starting to bring their own law enforcement actions against 
spyware distributors to make law enforcement as effective as possible. At the Fed- 
eral level, the Department of Justice is able to prosecute criminally those who dis- 
tribute spyware in certain circumstances. In August 2005, for instance, the Depart- 
ment announced the indictments of the creator and marketer of a spyware program 
called “Loverspy " and four others who used the program to break into computers 
and illegally intercept the electronic communications of others. 11 At the state level, 
state attorneys general are bringing civil law enforcement actions. Federal criminal 
and state law enforcement actions are a critical complement to the FTC’s law en- 
forcement actions. 

Third, the FTC and others need to continue to play an active role in educating 
consumers about the risks of spyware and anti-spyware tools. The FTC has issued 
a Consumer Alert specifically on spyware, as well as four other Alerts addressing 
other online security issues such as viruses and peer-to-peer file sharing. The 
Spyware Alert lists clues that indicate spyware may have been installed and also 
discusses measures consumers can take to get rid of spyware or to reduce their 


10 Webroot Software, Inc., State of Spyware Q2 2005, released Aug. 2005, at 26, available at 
http . 7 / www. webroot. com / land / sosreport.php. 

11 Press Release, Department of Justice, Office of the United States Attorney, Southern Dis- 
trict of California Carol C. Lam, News Release Summary (Aug. 26, 2005), available at 
http .7 / www.usdoj.gov / usao / cas / pr / cas50826.1.pdf. 
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chances of getting spyware in the first place. The Spyware Alert has been accessed 
over 100,000 times since it was released in October 2004, and the tips it includes 
have been repeated in dozens of print and broadcast media stories. 

And, just last week, the Commission launched a new consumer education initia- 
tive, OnGuard Online. Over the past few months, the FTC staff has taken a broader 
look at its education materials and tactics related to cybersecurity, online privacy, 
and Internet fraud, and updated its messages and outreach strategies to better edu- 
cate computer users about these important issues. The FTC’s new website — 
OnGuardOnline.gov — has general information on online safety, as well as sections 
with specific information on a range of topics, including spyware. This structure al- 
lows us to add to the site as new topics arise. The spyware module includes up-to- 
date information, as well as interactive features like quizzes and videos. The FTC 
has also printed a million copies of a brochure, “Stop Think Click: 7 Practices for 
Safer Computing,” with information on spyware and other computer safety topics. 
The site and the brochure have information on various technologies, but the agency 
is also emphasizing behavioral changes that computer users can make to stay safe 
online — for example “protect your personal information,” and “know who you’re deal- 
ing with.” By taking this approach, the FTC can ensure that the tips remain rel- 
evant even as technology evolves. 

Our partners in the OnGuard Online initiative include: the Department of Home- 
land Security, the U.S. Postal Inspection Service, the Department of Commerce, 
Technology Administration, the Internet Education Foundation, the National Cyber 
Security Alliance, the Anti-Phishing Working Group, TRUSTe, iSafe, AARP, the Na- 
tional Consumers League, and the Better Business Bureaus. In an effort to ensure 
maximum distribution of these materials, we have not branded them as our own. 
Instead, we are encouraging any organization interested in computer security to link 
to OnGuardOnline.gov, distribute our free brochure, or reprint the OnGuard Online 
materials. 

Fourth and finally, the Commission believes that legislation granting the Commis- 
sion authority to seek civil penalties against spyware distributors may be useful in 
deterring the dissemination of spyware. As described above, the Commission has 
challenged conduct related to spyware dissemination as unfair or deceptive acts or 
practices in violation of Section 5 of the FTC Act. Under Section 13(b) of the FTC 
Act, the Commission has the authority to file actions against those engaged in this 
conduct in Federal district court and obtain injunctive relief, including monetary re- 
lief in the form of consumer redress or disgorgement of ill-gotten profits. However, 
it may be difficult in some instances for the FTC to prove the sort of financial harm 
to consumers needed to order consumer redress, or the ill-gotten gains necessary to 
order disgorgement. A civil penalty is often the most appropriate remedy in such 
cases, and serves as a strong deterrent. 

IV. Technological Solutions 

Reducing the problems associated with spyware and other malware will require 
the efforts of government, consumers, and industry acting both individually and in 
concert. As in other high-technology areas, the best and most comprehensive re- 
sponses to misuse of technology will often be improved technology. At this time 
there are certain technologies consumers can use to help protect themselves, but 
none is completely effective and further developments are needed to enhance secu- 
rity. 

The primary technological tools that consumers can use right now to protect 
themselves from spyware are detection programs. These programs can scan con- 
sumers’ computers, inform them whether there is spyware, and offer them the op- 
tion of disabling it, deleting it, or leaving it alone. To be effective, however, these 
programs must be updated on a regular basis. In addition, they are inherently vari- 
able depending on what they classify as “spyware.” Furthermore, they only detect 
spyware once it has been installed; they do not prevent its installation. Some Inter- 
net service providers have made spyware scanners and removers available to their 
subscribers. Firewalls also provide some protection from spyware, but, like scanners, 
they do not prevent spyware from being installed. Rather, they alert consumers if 
installed spyware attempts to send out information it has collected. 

Other technological solutions at the browser and operating system level are being 
developed. The Commission’s experience in other technological areas suggests that 
market forces will provide the high-tech industry with incentives to develop techno- 
logical solutions, although it is not clear exactly what that technology will be or 
when it will be available. 
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V. Conclusion 

The FTC will continue to execute aggressive law enforcement and innovative con- 
sumer education programs in the spyware arena. The FTC thanks this Committee 
for focusing attention on this important issue, and for giving me an opportunity to 
discuss the Commission’s enforcement program. The Commission looks forward to 
working with the Committee on the problem of spyware. 

Senator Smith. Thank you Ms. Majoras. I assume from your tes- 
timony that the FTC could use some more authority, because it 
supports the Allen bill that I’ve introduced with him. Is that accu- 
rate, you could use some more authority to do more rulemaking on 
this issue? 

Ms. Majoras. Well, we could, as you and Senator Allen have 
pointed out, we do believe that we have legal authority to attack 
spyware and we’ve already done it in five different cases, but we 
would like additional authority to work with our counterparts over- 
seas, we think that’s absolutely critical and we think we really 
could use civil penalty authority to assist us in bringing actions 
and remedying them. 

Senator Smith. And how about more resources? If you had your 
druthers would you be getting more authority or more resources to 
prosecute cases? 

Ms. Majoras. That’s always a tough question whether we need 
more resources. We work very hard on the budget process with 
Congress to get whatever resources we think we’re going to need 
for the year. It’s tough for me to turn down more resources if 
they’re being offered. But I don’t think — resources have been less 
a problem than I think, folks are concerned about the bigger prob- 
lem, which has been finding the folks who are distributing the 
spyware and then being able to serve them. They obviously can 
hide behind the Internet, they can skip town, they can skip the 
country, they go to other countries and hide, and that has actually 
been the biggest problem. We are using our resources as wisely as 
we can. We are squeezing every bit we can out of every dollar, and 
our anti-spyware program is part of the larger program that in- 
cludes spam, and Internet fraud, on which we’re devoting substan- 
tial resources. 

Senator Smith. What percentage would be coming into our coun- 
try from abroad, and what percentage starts here in the United 
States? 

Ms. Majoras. We don’t have exact percentages, it’s very hard to 
tell. But certainly we think a great majority of spyware is either 
coming in from outside the United States, or is making use of a for- 
eign intermediary in some way to attack consumers in the United 
States. 

Senator Smith. And in the global economy in which we live, you 
need more authority to deal with the international component, I 
think that has been very clearly demonstrated. 

Senator Nelson. 

Senator Bill Nelson. Good afternoon Madam Chairman. Tell 
me if you agree with the following statement of principles, that 
software should not be installed without a consumers knowledge 
and consent. 

Ms. Majoras. If it harms consumers, I do agree with that. 
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Senator Bill Nelson. Consumers should know who is installing 
the software on their computer. 

Ms. Majoras. Generally, yes. 

Senator Bill Nelson. Consumers should have the ability to com- 
pletely remove software from their computers. 

Ms. Majoras. Again, most of it, yes. 

Senator Bill Nelson. If software is going to collect information 
about a consumer, the software should inform the consumer first. 

Ms. Majoras. Generally yes. 

Senator Bill Nelson. If software is going to cause ads to appear 
it should make clear what is causing the ads. 

Ms. Majoras. That one is a little bit trickier, we have taken that 
on a case-by-case basis. 

Senator Bill Nelson. In your testimony, we’re going to — you’ve 
addressed it and we’ve got to confront the question of preemption. 
Do you think that it’s important to preserve general state consumer 
protection laws as potential state-level tools against software? 

Ms. Majoras. We do. In almost any context, we support allowing 
the state attorneys general to continue to enforce their consumer 
protection statutes. Having said that, there are certainly instances 
in which businesses really need consistent — if businesses are going 
to get guidance, we all benefit if it’s consistent across the Nation. 

Senator Bill Nelson. Do you think it would be helpful to have 
some baseline standards for what kind of behavior is acceptable, 
what disclosures should be given to consumers, and a statement of 
the right to uninstall software? 

Ms. Majoras. Well, with respect to disclosures, the FTC has pro- 
vided general guidance to companies for a number of years in the 
form of something we call Dot Com Disclosures, so we’ve already 
provided some general guidance. Our only concern about making 
the guidance too specific Senator Nelson, is that the landscape 
keeps changing and those who insist on perpetrating fraud and 
harming consumers find new ways to do it. And so the concern 
with being too specific about what is permitted and what isn’t, not 
only is you have to get the words exactly right, so that you don’t 
prevent what should be legal conduct, but also we have to worry 
about the future, and we don’t want to bring a case, and only to 
be told, well, because that particular practice wasn’t specifically 
listed in the piece of legislation, therefore the FTC cannot attack 
it. 

Senator Bill Nelson. I understand. I’m talking about more 
baseline standards, on behaviors, on disclosures, and on the right 
to uninstall. 

Ms. Majoras. We think the FTC has put a lot of that out there, 
but yes, there’s no question that business can always use guidance, 
and those businesses who actually have an interest in complying 
with the law. 

Senator Bill Nelson. And give us your opinion about the basic 
right of a consumer to have the ability to remove software from his 
or her computer? 

Ms. Majoras. Well, we’ve actually brought cases in which we 
have alleged violations of the FTC Act because consumers do not 
have that right, including the case that I mentioned earlier today, 
Odysseus Marketing. So we do think it is a violation if software is 
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downloaded to a consumer’s computer that is causing some harm, 
and the consumer cannot find a reasonable means to remove it. 

Senator Bill Nelson. Thank you. 

Senator Smith. Senator Burns. 

Senator Burns. Madam Chairman, thank you again for coming 
today. You’re probably aware that there are several industry 
groups working on definitions of spyware. It always seems like 
when we get into these kind of situations we all define the same 
thing in different ways and usually definitions are what lawyers 
make a living at, and enforcement becomes more difficult. To what 
degree, do you think the FTC can work with these industry groups, 
and to get efforts underway and do you think it is important that 
we have a public rulemaking process? We all say awareness is ev- 
erything, and a public process in which we make the rules and 
then we define the terms. What’s your attitude toward a situation 
like that? 

Ms. Majoras. Well, I certainly think that working together with 
industry is critical in attacking spyware and obviously if legislation 
is being considered it’s critical because these folks are the experts. 
And they can tell us, not only explain to us not only what’s out 
there today, but they’re also thinking several steps ahead. And that 
can be very important if we’re trying to put in place rules that are 
going to work on a going forward basis. So I think that can be very 
important. One thing I would caution against though is I know 
that many in industry have been anxious to really come up with 
the definition of spyware. And I think part of the reason why it’s 
been difficult to come up with a definition that everyone can agree 
on is again, because we have a bit of a moving target. And so what 
we’ve tried to do at the FTC is we’re really looking at two things: 
whether the software has been downloaded without the consumer’s 
permission, and causes some substantial harm to the consumer; 
that is really what we’ve been operating under. Call it spyware, 
call it adware, call it malware, that is what we have been looking 
at when we bring a case. 

Senator Burns. And also on the awareness, that same thing, now 
you’ve got some proceedings going on for consumers. Can you tell 
us how those proceedings are going, were there fines levied where 
if individual consumers, their computers were hurt, or crashed, did 
they get compensated, their computers back up and running again, 
or new hard drive, or whatever. Did they get their money back on 
their software of whatever, can you give us some kind of an idea 
of the results you’ve had in these proceedings? 

Ms. Majoras. Yes Senator, we’ve brought five cases since last 
October, both the first case, and the last case we brought are still 
in litigation. In the first case we brought we were able to get a pre- 
liminary injunction against the conduct and that was a case in 
which we alleged in the complaint that in fact, yes, the purveyor 
of the spyware hijacked the consumers’ computers and changed 
their settings and the like, changed their home pages, and 
downloaded personal information. That case is still in litigation, 
similarly obviously we’ve just announced the case we filed last 
week, in which spyware was downloaded without consumers’ per- 
mission and again, essentially in this case what we allege in the 
complaint is that it has taken over the consumer’s computer. That’s 
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still in litigation. We’ve brought a couple of cases against those who 
claim that they’re selling an anti-spyware solution, when in fact it’s 
a solution that doesn’t work, and so in those two instances both of 
those respondents did settle those cases with us, and we were able 
to get some consumer redress, if I recall correctly. 

And we brought one additional case in which the respondent ad- 
vertised a free download of security software. But then didn’t tell 
consumers that if they downloaded this free security software they 
would also get adware attached to their computer, so then they 
would be barraged with pop-up ads and the like and that case also 
settled. 

Senator Burns. In other words they used the spy block tech- 
nology to implant their own adware stuff without telling the cus- 
tomers, is that correct? 

Ms. Majoras. I’m not sure which technology they used, but with- 
out sufficient disclosure to the consumer they did download adware 
to the computer. 

Senator Burns. Now since these proceedings have been filed and 
you’ve been in them, are there any surprises about — do you have 
resources to take the case to final? 

Ms. Majoras. We do have resources I think to take these cases 
to final. The biggest surprises probably have been — really probably 
came in the beginning. We started trying to figure out a way how 
we were going to investigate these cases and we infected two of our 
own computers so badly with spyware that they couldn’t be used 
anymore and so we learned a lot. And so one of the things we’ve 
done during this time period as we’ve been bringing these cases is, 
we’ve bought some new computers, some new software, and some 
new hardware to assist us in going forward. As I said, we’re learn- 
ing as we go through this. 

Senator Burns. Well, I thank you for your work. And I don’t 
think there’s a person up here today that doesn’t want to get you 
some legislation and empower with you a little more power than 
you have now, because I think you’re on the right track. And also 
the differences that we have, we’ll get those worked out and I 
would hope that we could have something on the President’s desk 
and for you to look at pretty quickly. So thank you for your testi- 
mony. I read your testimony, and I concur in a lot of the subjects 
that you brought up there, so thank you for coming today. 

Mr. Chairman, thank you. 

Senator Smith. Thank you Senator Burns. 

Senator Allen. 

Senator Allen. Thank you Mr. Chairman, four different things, 
trying to get some clarification here. One is authority, second is re- 
sources, third is penalties, and fourth is what jurisdiction or stand- 
ards we should be applying. Insofar as authority, and I’ll ask you 
some questions, it seems like you have all the authority you need. 
Resources, you say you don’t need more, but you — then on author- 
ity, the area that you need it more in, is not necessarily domestic 
but international. Resources you say you have enough, penalties, 
you need stronger penalties, particularly civil penalty standards. 
The question is whether you have 50 or 40 different standards, or 
a standard for all the United States and its territories. Now has 
there ever been a situation where the FTC could not bring a case 
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because you don’t have sufficient authority under existing laws, 
other than, aside from the U.S. SAFE WEB Act, which is incor- 
porated in part, and this is Senator Smith’s measure. Is there any 
new authority that the FTC needs if you find in other words that 
somebody regardless of what their doing, if it’s fraudulent and de- 
ceptive you can prosecute them, if it is misleading, if it is false and 
so forth. Has there ever been a situation where you didn’t have the 
legal authority to prosecute within the United States? 

Ms. Majoras. With respect to spyware, I’m not aware of any, no. 

Senator Allen. So you feel that other than internationally, but 
within these orders of the United States, and our territories, you 
feel the FTC has the authority regardless of what the technology 
or method of deception is utilized? 

Ms. Majoras. Well, we’ve successfully brought cases, we’ve got 
more in the pipeline. So that’s correct. Other than what I’ve said 
about civil penalty authority, yes. 

Senator Allen. What you do want is you want more civil author- 
ity. Civil penalties, I guess you could call that authority as well. 

Ms. Majoras. We think that could be very helpful. 

Senator Allen. And that’s included in the measure the Chair- 
man and I have introduced. Now if the Congress codified prescrip- 
tive definitions of illegal behavior that are specific to current tech- 
nology, could we run the risk that this law could be obsolete as new 
technology continues to develop. 

In other words by defining a specific illegal behavior, are we cre- 
ating loopholes for spyware purveyors who figure out ways to get 
around the law? 

Ms. Majoras. Well, that is possible. I mean, obviously Section 5 
of the FTC Act would still be in effect, so we would hope that there 
was something that [inaudible] cracks, but we’d be able to use our 
broad authority to go after them. But what we wouldn’t want is for 
a court to say, well it’s not on the list, so therefore, sorry FTC, you 
can’t go after them. That’s really our only reservation. 

Senator Allen. Because in effect, you could end up with a safe 
harbor for those using these fraudulent deceptive practices if 
they’re not on that list, the court could say, well they’re not on the 
list, so therefore you cannot prosecute. 

Ms. Majoras. It’s possible, we can’t say for sure that’s how a 
court would interpret it. 

Senator Allen. Now so far, on the issue of jurisdiction, in the 
standard, so far 18 states have enacted legislation regarding 
spyware and many new laws are pending in several states. Since 
spyware, clearly by its nature is national, in fact it’s international 
in its scope. Do you agree that a national framework is necessary 
to ensure a patchwork of state laws do not unnecessarily confuse 
and burden consumers and legitimate software providers? 

Ms. Majoras. I think it’s possible, depending on the differences 
among the various state laws that — probably consumers, less so — 
but that those who are actually trying to comply with the law. I 
mean they simply can’t in the Internet context comply with mul- 
tiple standards. I mean basically they would have to figure out 
what the highest standard is, I believe, and then comply with that 
one. And so — and if that weren’t the Federal, if there are Federal 
standards, and that ends up not being the highest one, then I sup- 
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pose whichever state had the highest standard would become the 
de facto standard for the Nation. 

Senator Allen. Well, for your enforcement would it not be best 
to have a — the best standard, the strongest standard, the most ef- 
fective standard that’s set for the Nation by the Federal Govern- 
ment and Congress? 

Ms. Majoras. Well, I think a consistent standard would help all 
of us. And the fact of the matter is the state attorneys general are 
critical partners to us in this fight, but if we’re all singing from the 
same hymn book sort of speak, I think we can be very effective. 

Senator Allen. Well, our measure does have the attorneys gen- 
eral of the states involved, with a national standard, but have them 
helping enforce it, because in some cases the Federal Government 
can’t do it all. 

Ms. Majoras. That’s exactly right. We would want the states to 
absolutely have authority. 

Senator Allen. All right. Now on the questions of notice, and the 
notice and consent regime. According to this July 2005 Pew Inter- 
net and American Life Project, 73 percent they found according to 
them, 73 percent of Internet users do not always read user agree- 
ments, privacy statements, or other disclaimers, before 
downloading, or installing programs. There are some of us who will 
click through things real quickly because you want to read some- 
thing. In fact, one study of a user agreement included a clause that 
promised $1,000 to the first person to write in and request that 
$1,000. The agreement was downloaded more than 3,000 times be- 
fore somebody finally read the fine print and claimed the reward. 
Now do you believe that subjecting the entire software industry to 
a new notice and consent regime will help combat spyware? 

Ms. Majoras. Overall, no, I don’t think that would be the most 
effective tool. Our experience, while I don’t have statistics, com- 
ports very closely with the conclusion of that survey. And that is, 
for better or for worse, consumers don’t read these disclosures, and 
the more they are bombarded with similar disclosures, the less 
likely they are to read them. And what our concern has been is 
that we could have a spyware distributor who is distributing 
spyware that is very, very harmful to consumers, but then can just 
say, well I disclosed it to consumers that this is what I was going 
to do, so too bad for them. And while that has, no question, sensa- 
tional appeal, because none of us want to be extraordinarily pater- 
nalistic to American consumers. When we know that they don’t 
read these disclosures when they’re downloading software, it makes 
it hard to say that’s what we think would truly, would truly protect 
consumers. 

What we’re doing in our casework, is looking at disclosures on a 
case-by-case basis to see if we think they’re adequate. 

Senator Allen. Thank you, Mr. Chairman. 

Senator Smith. Thank you, Senator Allen. 

Senator Allen. Thank you, Madam Chairman. 

Senator Smith. To Senator Allen’s point and your answer, that 
you today announced the Odysseus case that you’re pursuing, and 
is this not a company that offers through peer-to-peer enticements 
to children, free music and other things that they readily go past 
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the disclosures to get what’s free, but in the end it’s maybe very 
promotional, and a very degrading thing? 

Ms. Majoras. It’s similar, they were working in the peer-to-peer 
realm. And the representation they made was that by downloading 
their software, your peer-to-peer presence would be anonymous and 
no one would be able to trace you. That, we alleged, isn’t true. And 
then, in addition, they’ve downloaded a lot of other software, which 
in essence as we say in the complaint, just to summarize it here, 
hijacks the consumer’s computer. 

Senator Smith. Isn’t that already illegal? 

Ms. Majoras. Yes. We’ve filed a suit under Section 5 of the FTC 
Act. 

Senator Smith. Do you think you’ll win, if it’s already illegal? Be- 
cause I want to make sure it’s illegal. 

[Laughter.] 

Ms. Majoras. Well, I certainly understand that Senator, and I 
can’t — I couldn’t tell you that nobody would ever challenge our au- 
thority or that a judge would never — you know could never find 
that we didn’t have such authority, but it’s not been a problem to 
date. And we feel that this isn’t a close call under Section 5 of the 
FTC Act and so we brought the case. 

Senator Smith. So the people who are maybe here, or interested 
in it. I understand that the software actually changes your search 
results that consumers get from search engines, like Google and 
Yahoo, and that this is done without the consumers knowledge. 

Ms. Majoras. That’s exactly right. I mean we don’t think that 
they have a way necessarily of knowing. So as you know it’s impor- 
tant to some, to be the first in a Google search results, or what 
have you, and this apparently can change the results around, but 
again, no, the consumers wouldn’t necessarily know that was even 
happening to them. 

Senator Smith. Well, if you find out it isn’t illegal, let us know. 

Ms. Majoras. You would be the first call we would make. 

Senator Smith. I mean our bill does address this very kind of 
thing. And so you know, that’s why we keep asking you if you need 
any more resources, do you need more authorities? Because this 
really gets to the heart of what we’re trying to accomplish for the 
protection of American consumers without stifling innovation in fu- 
ture technologies. Do you see a way? I mean you’ve heard all of us 
up here, all agreeing there’s a problem we want to fix, and the dif- 
ference and the difficulty is in the breadth of how we would go 
about it. I guess as you evaluate the two different bills that are 
represented here, is there a way to merge them in your mind? 

Ms. Majoras. Well, I think there’s probably, there probably is a 
way to bring it together and one — I mean if we could classify them, 
your bill restates the FTC’s authority to attack software, but in a 
more general way. The other bill tries to be a bit more specific 
about it. And I would just caution that if specifics are going to be 
added to any legislation that becomes law that it is made abso- 
lutely clear that other types of conduct may also be illegal, within 
this same family and that the FTC’s authority is not being nar- 
rowed by this. 
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Senator Smith. And if we leave it broad, to the degree you need 
to make it narrower, do you have rulemaking authorities to make 
it narrower? 

Ms. Majoras. Well, we would have rulemaking authority if you 
gave it to us, if it was needed. The one area where I think it’s dif- 
ficult to reconcile is with respect to notice. Which again I agree has 
very — has facial appeal, it does to me too, but I just don’t — our ex- 
perience is it doesn’t actually protect consumers. And since that’s 
our job, it’s hard for me to support that. 

Senator Smith. And there’s a lot of advertising that is actually 
promoting very valuable things, and useful products and we don’t 
want to get in the way of that. 

Ms. Majoras. No. No, we don’t want to get in the way of it, and 
in fact there may be First Amendment issues if we tried to go too 
far. 

Senator Smith. As I understand the U.S. SAFE WEB Act which 
you have indicated your support for, its provisions are really not 
all that new or unusual, there are other agencies in the govern- 
ment that already have these powers, is that your understanding? 

Ms. Majoras. Absolutely. The SEC, the CFTC, and banking 
agencies. 

Senator Smith. You need them too? 

Ms. Majoras. We do, I can’t emphasize it enough Chairman 
Smith. 

Senator Smith. Well, Chairwoman Majoras, thank you very 
much. Yes, please. 

Senator Allen. My time has expired but may ask some ques- 
tions. 

Senator Smith. Yes, please go ahead. 

Senator Allen. I just want to follow up on your good probative 
questions. Your caution trying to figure these things out, several 
things that you asked for, you asked for the international author- 
ity, the U.S. SAFE WEB Act, that’s part of our measure, it is not 
part of Senator Burns’ measures. So that was one thing where you 
wanted regular authority. That probably can be merged together. 
We do have a fundamental difference on the jurisdiction and how 
you define illegal behavior, which right now is very broad. If it’s 
fraudulent or deceptive, if it’s misleading, you know, it’s illegal 
which is what you’d want. You could limit yourself by prosecutorial 
discretion I suppose, and in a court the trier of fact would say, well 
no that isn’t deceptive. As opposed to specifying a bunch of dif- 
ferent specific illegal methods, which could end up with a safe har- 
bor if it’s not on that list. And maybe the solution to that, is to say 
well these are illegal but they are not the only ones that are illegal. 
Anything is, but then the other side feels like all right, we’ve at 
least specified these. I suppose that could be worked out. The no- 
tice issue is one that I do think is irreconcilable. Because as I 
was — there was a reason I asked that question, and why some 
3,000 hits are getting $3,000. Folks just simply don’t read it, they 
don’t have time for it. Even looking on this — who’s going to go 
through — now I think it’s helpful for those in the IT departments 
of companies, somebody’s going through all that, and seeing which 
are good spyware blocker programs. But a normal person in their 
home is just generally not going to go through all that. So there 
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does need to be a better business bureau approach. And I see that’s 
what that is. Now you get into the issue of jurisdiction. That’s a 
key one as to whether you have a national standard, or 50 or 40 
different states standards. I think to make companies to have to 
comply with 40 different standards, and maybe different nuances 
and different case law and all the rest makes it very difficult. To 
me that is not irreconcilable difference. Now I think it’s important 
to respect the rights, and prerogatives of the states, and prosecu- 
tion and that’s why in our measure we do have the attorneys gen- 
eral brought in. 

You wanted also the civil fines, which will be helpful. The one 
thing I find interesting though was your answer on the question of, 
you don’t need any more resources. Here’s my perspective of that. 
Is that this is so pervasive and you have nearly 50 percent of all 
computers being hit with this spyware, and it’s great that you’ve 
brought these big cases, and you’ve knocked down organizations, 
spyware organizations and you say how difficult it is to prosecute 
and find these people, well if you’re dealing with normal criminal 
behavior and you have a certain amount of resources, if you actu- 
ally had more detectives so to speak, more investigators, more 
funds if there were drug dealing for undercover agents, or making 
drug buys, or — those resources do matter in combating illegal drug 
activity. 

So I find it interesting that you say that you don’t need any more 
resources when this is such a big pervasive problem of this fraudu- 
lent and deceptive activity. If you have the civil penalties and I 
don’t know the answer to this, but where do the fines, if fines are — 
does that go to the general fund, or does that go — would that go 
to further law enforcement efforts? 

Ms. Majoras. I believe it goes to the general fund, yes. It goes 
into the Treasury. It goes into the Treasury. 

Senator Allen. All right. In drug dealing, with asset forfeiture, 
for those assets that are traceable to illegal drug dealing, that actu- 
ally goes Mr. Chairman to law enforcement so that they use it for 
undercover drug buys, paying overtime, surveillance costs, some- 
times paying informants for example, it’s like catching the shark 
and cutting it up for bait. Use the assets to catch more sharks. 
Why do you say that you don’t need more resources with — and 
maybe this is what the Administration wants you to say and I un- 
derstand that, having been a Governor, I expected all my agency 
heads to tow the line. But with something that is so pervasive, and 
obviously of bipartisan concern, and not just us, but obviously to 
the American people and to the technology community generally 
and the Internet, why would it not be helpful for you to have more 
personnel to actually get after this obviously growing, disruptive, 
illegal behavior? 

Ms. Majoras. Well, I appreciate the question and, no, Senator, 
nobody’s asked me to tow any line on this. You know we’ve actually 
been very pleased. We think as other agencies have been cut back 
in the last couple of years, as some belts have been tightened, we 
think that Congress has been very generous with us, which we ap- 
preciate and that they recognize the importance of our work. 

Look, if you give us more resources, we’ll 

Senator Allen. What would you do with them? 
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Ms. Majoras. — certainly use them. Well, probably one of the 
things I would do, is I would hire some more tech experts, who can 
help us with some of the difficulties in actually hunting down these 
folks, or in helping us find ways to push industry in the right direc- 
tion. Because I do think that ultimately technology will — is what 
will help us prevail. So I think we can. But the only issue I would 
say with respect to having a very large amount of new funds, 
which are actually earmarked for a particular purpose, is that 
what tends to happen is then if priorities shift and change, because 
for example new spyware tools come out and that tends to be less 
a problem, and the bad guys, if you will, have moved on to some- 
thing else, then we have to come back to you and say, look we have 
this pot of money, which you wanted us to use for this purpose, but 
quite frankly priorities have changed, and they would have even 
changed for you. And so that’s part of something that we obviously 
would have to work with you on, Senator. 

But obviously our job is to enforce the laws that Congress passes 
and to take our lead from consumers first, and obviously you are 
the elected representatives who represent them. So if you want us 
to have more resources to send the message to us that I’ve got to 
put more investigators on this, then obviously we will do that. 

Senator Allen. Well, in the event you actually solve this prob- 
lem quickly, obviously appropriations are annual. Even if appro- 
priations actually get done in a timely manner, I suspect that the 
fines and forfeitures that you will glean from these added — not that 
the law enforcement is simply to gain money for the government, 
but I suspect with greater enforcement not only will you have the 
Internet being more useful and less aggravating and less — fewer 
computers shut down because they’re clogged up with all of this 
spyware, is that you’ll actually end up getting more fines and for- 
feitures, and assets seized than that $10 million over the period of 
this measure. And if you didn’t need the money, you can always 
say, we need it more for something else. But I don’t see this getting 
solved in the next few years. I think it could be ameliorated, I 
think it could be mitigated, but this is — it’s too lucrative a busi- 
ness, illegal enterprise right now, and to the extent you drive it out 
of this country, you’re still going to have it overseas, and that’s why 
the U.S. SAFE WEB Act is so important and have the inter- 
national community caring as much about this as we try to get the 
international community to care about intellectual property rights 
for example. 

Ms. Majoras. That’s right. 

Senator Allen. To the extent you ever get it to that point, fine, 
we’ll save some money there. And you’re doing a great job, and 
you’ve had some good noteworthy cases, but you also recognize that 
it’s just the tip of the iceberg in this illegal spyware enterprise. 

Ms. Majoras. Indeed, not only do we recognize it, but we would 
hate to raise expectations way too high, because we’re going to 
keep at this. I mean, you know, we talk all the time about how the 
worst thing that could happen to us would be for our consumers 
to just simply lose faith in this wonderful new medium that we 
have that is the Internet. And we can’t let that happen, and we 
have to — we really have to guard and protect consumer’s confidence 
in it. So we’re going to keep at it. But I point out the difficulties 
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in tracking these folks down and so forth, only to remind us again 
that it won’t be just law enforcement that’s going to tackle this 
problem, we need new technology. 

And the good news is, that if we do get these additional inter- 
national resources, we can leverage that. We spend a lot of re- 
sources trying to chase down people in countries where we’re trying 
to hire lawyers who know what they’re doing over there when we 
don’t, and so on and so forth, and we could use our counterparts 
and vice versa, then we will be actually a lot more efficient even 
in our use of resources. 

So I appreciate your point Senator Allen. 

Senator Allen. Well, thank you. And thank you, Mr. Chairman, 
just understand Madam Chairman that the Chairman here and 
this Senator want to work with you and do this effectively. And we 
do feel that you need out of jurisdiction as you say, or added au- 
thority. And I do feel that you do need more resources to get the 
job done, and it shouldn’t just be the government, it does need to 
be the technology industry. They are the ones who are the most 
creative in coming up with the firewalls, and the filters, and the 
ways to block unwanted spyware, or illegal spyware. There is some 
spyware which has — and you were very clever answering those 
questions of Senator Nelson. But you know in some cases it’s not 
harmful, it’s not deceptive and so forth. I do think it’s going to take 
a concerted team effort on the part of the technology community 
and actually probably can — I just have faith in their innovative, 
creative capabilities to make sure the Internet stays a great inven- 
tion for the dissemination of information and ideas, and commerce, 
and education, and tele-medicine, and in so many ways, improving 
our lives in commerce. So I thank you again Mr. Chairman for your 
leadership, look forward to working with you, and Madam Chair- 
man, thank you for articulate principled leadership. 

Ms. Majoras. Thank you very much, Senator Allen. 

Senator Smith. And Madam Chairman, to Senator Allen’s point, 
I think if you hear anything today it is that this is an enormous 
problem and it requires urgent effort, and so please know we’re 
counting on you, we appreciate you, and we hope you convey to ev- 
eryone at the FTC we appreciate their good work. We recognize in 
our mailboxes that there is growing alarm and we need to be ahead 
of it. So thank you, and with that we’re adjourned. 

Ms. Majoras. Thank you very much, Senator. 

[Whereupon, at 3:40 p.m., the Committee adjourned.] 
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Response to Written Questions Submitted by Hon. Frank R. Lautenberg to 
Hon. Deborah P. Majoras 

Response to Questions One and Three 

Your letter poses two questions about the nature and efficacy of the FTC’s con- 
sumer education efforts related to spyware. Your letter commends the FTC and in- 
dustry for launching a new website, www.OnGnardOnline.gov ., but expresses the 
concern that the website uses technical terms (e.g., updating operating systems, fire- 
walls, and drive-by installations) that consumers, particularly seniors, may not un- 
derstand. Your letter also cites statistics as to the prevalence of spyware on com- 
puters and asks about the Commission’s short-term and long-term goals to decrease 
its prevalence through consumer education. 

The Commission shares your concern about the importance of educating con- 
sumers about problems in electronic commerce, including spyware. To inform con- 
sumers about spyware and other threats on the Internet, the Commission launched 
its OnGuard Online initiative, with the OnGuardOnline.gov website as its primary 
consumer education tool. The initiative was developed to address the need for a 
comprehensive, consistent set of educational messages for consumers. It incor- 
porates the best learning of the Internet community and presents it in a complete 
and accessible format. In consultation with communications experts, it was designed 
to be usable by consumers with a broad range of familiarity with the Internet and 
technology. The comprehensive website uses interactive activities, articles, videos, 
and tips that address topics important to consumers, including ways that consumers 
can lower their risk of spyware infections, clues as to whether spyware is on their 
computer, and an informative spyware quiz. Consumers are also able to report via 
the website if they have been a victim of spyware. 

Because people learn in a variety of ways, the FTC has made the OnGuard Online 
information available in many forms. The OnGuardOnline.gov website includes 
video tutorials prepared by the Internet Education Foundation with visual instruc- 
tions to “click here, then here,” to turn on the security features in various types of 
software. The site also presents a series of videos prepared by Microsoft with the 
information presented in an accessible format. 

Some consumers, including many seniors, may not be familiar with technical 
terms used to describe technology. The OnGuard Online initiative therefore uses 
plain language to describe technical concepts. For example, the OnGuard Online 
brochure explains that “[f]irewalls help keep hackers from using your computer to 
send out your personal information without your permission.” In addition, the 
OnGuard Online bookmarks and posters have quick tips written in plain language, 
and the OnguardOnline.gov website includes an extensive glossary of computing 
terms, for consumers who need more information about the terms used. Finally, the 
AARP is a partner in the OnGuard Online initiative. 

Response to Question Two 

Your letter asks whether it is deceptive to fail to disclose that spyware will be 
installed. Your letter also asks whether it is deceptive to disclose only in the end- 
user license agreement that spyware will be installed. 

It is well-established that a failure to disclose adequately material facts to con- 
sumers may be unfair or deceptive in violation of Section 5 of the FTC Act. The FTC 
has alleged a failure to disclose information in a number of Internet-related decep- 
tion cases. 1 The Commission staff also has issued a guidance document that pro- 


1 See, e.g., Juno Online Services, Inc., FTC Dkt. No. C— 4016 (June 29, 2001) (failure to disclose 
that some subscribers to its ISP service would incur long distance telephone charges while con- 
necting to the Internet) (consent order); BUY.COM, Inc., FTC Dkt. No. C— 3978 (Sept. 8, 2000) 
(failure to disclose restrictions and costs associated with purchasing a “free” or “low-cost” per- 
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vides advertisers with advice as to how to apply traditional FTC disclosure prin- 
ciples to the online environment, including advertising and marketing software on 
the Internet. 2 

The Commission has addressed the failure to disclose adequately to consumers 
the material fact that spyware would be installed on their computers. In particular, 
disclosing the presence of bundled software, including spyware, only in the end-user 
licensing agreement may be unfair or deceptive. For example, in FTC v. Odysseus 
Marketing, Inc., the defendants offered consumers a free software program that pur- 
ported to make the consumers anonymous when using peer-to-peer file-sharing pro- 
grams. 3 The Commission alleged, however, that the distributors failed to disclose 
to consumers that this program, in turn, would install other, harmful software on 
their computers. Similarly, in Advertising.com, Inc., the respondents allegedly of- 
fered free security software, but bundled with it software that caused consumers to 
receive a substantial number of pop-up ads. 4 Although the presence of this software 
was disclosed in the end-user license agreement, the Commission alleged that this 
disclosure was inadequate. The Commission therefore is using its authority to pro- 
hibit unfair or deceptive acts and practices to take law enforcement action against 
those who fail to disclose adequately to consumers that spyware will be installed 
on their computers. It is important to note that, as I indicated in my testimony, 
such a case-by-case approach that focuses on bringing law enforcement action where 
a failure to disclose has harmed consumers is preferable to requiring disclosure for 
all software, no matter how innocuous. 

Response to Question Four 

As the Commission indicated in its testimony, 5 our main tool for combating 
spyware is bringing law enforcement actions challenging acts and practices as un- 
fair or deceptive in violation of Section 5 of the FTC Act. Your letter asks how many 
spyware-related law enforcement actions we have brought in 2005, as well as for 
a description of our efforts to investigate spyware, given that many consumers may 
not know that they have spyware on their computers. 

Thus far, the FTC has brought six law enforcement actions involving spyware, in- 
cluding five law enforcement actions to date in 2005. The FTC’s written testimony 
at the recent hearing describes the FTC’s first five actions. Our sixth law enforce- 
ment action was filed after the hearing. 6 In the Enternet Media, Inc. case, the FTC 
alleged that the defendants distributed via the Internet exploitive software code 
dubbed “Search Miracle” and “EliteBar,” onto the computers of unsuspecting con- 
sumers. With the aid of their network of affiliates, the complaint alleged, the de- 
fendants trick consumers into downloading and installing their exploitive code by 
disguising it as harmless, free software, such as Internet browser upgrades, music 
files, cell phone ring tones, and song lyrics. However, contrary to their representa- 
tions, the defendants’ code is not a browser upgrade or security patch, nor is it any 
type of harmless free software. Rather, it functions as a type of spyware that sub- 
stantially interferes with the functionality of consumers’ computers, such as by 
tracking consumers’ Internet activity, changing consumers’ homepage settings, in- 
serting a new toolbar onto consumers’ Internet browsers, inserting an obtrusive win- 
dow onto consumers’ computer screens that displays advertisements, and displaying 
voluminous pop-up advertisements, even when consumers’ Internet browsers are 
closed. To make matters worse, the FTC alleges, it is extremely difficult for con- 
sumers to uninstall the exploitive code, and that the defendants’ uninstall instruc- 
tions do not work. A Federal district court granted a temporary restraining order; 
a preliminary injunction hearing has been scheduled for the near future. Using this 


sonal computer in exchange for agreeing to purchase Internet service) (consent order); Value 
America, Inc., FTC Dkt. No. C-3976 (Sept. 8, 2000) (same). 

2 Federal Trade Commission Staff Working Paper, Dot Com Disclosures: Information About 
Online Advertising (May 3, 2000), available at http://www.ftc.gov/bcp/conline/pubs/buspubs/ 
dotcom / index.htnil. 

3 The Commission recently filed a complaint in Federal court alleging that this failure to dis- 
close was deceptive in violation of Section 5 of the FTC Act. The parties stipulated to a prelimi- 
nary injunction order, which was entered on October 11, 2005. FTC v. Odysseus Marketing, Inc., 
No. 05-CV-330 (D.N.H. filed Sept. 21, 2005), available at http: / lwww.ftc.gov / opal 2005 / 10 / 
odysseus.htm. 

4 In the Matter of Advertising.com. FTC Dkt. No. C-4147 (consent order Sept. 12, 2005), avail- 
able at http:/ / www.ftc.gov / os / caselist / 0423196 / 0423196.htm. 

5 Federal Trade Commission, Prepared Statement Before the Committee on Commerce, Science, 
and Transportation Subcommittee on Trade, Tourism, and Economic Development, United States 
Senate (Oct. 5, 2005), available at http:/ / www.ftc.aov / os / testimonv / 051005spywaretest.pdf. 

6 FTC v. Enternet Media, Inc., No. CV-05-7777 (C.D. Cal. fded Nov. 1, 2005). 
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law enforcement approach, we were also able to freeze $2 million in the defendants’ 
bank accounts. 

Spyware investigations and prosecutions are a priority for the Commission. We 
are actively looking at a wide variety of sources of information about the identity 
and location of those distributing spyware that is causing harm to American con- 
sumers. We are consulting with Federal and state criminal and civil law enforce- 
ment agencies. We also are receiving critical information from high-tech companies, 
such as anti-spyware companies and operating system companies. We further are 
receiving valuable information from consumer groups, anti-spyware organization 
websites, academics, and the technology press. I appreciate the assistance that we 
are receiving from these groups, and I look forward to continue working with them 
to make our spyware investigations and prosecutions as effective as possible. 

Thank you for providing me with an opportunity to supplement my answers at 
the hearing concerning the FTC’s law enforcement record as it pertains to spyware. 
If you would like additional information, please contact Anna Davis, the Director 
of the Office of Congressional Relations, at (202) 326-3680. 
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